Ruby on Rails "implicit render" Directory Traversal Vulnerability

Systems Affected

Ruby on Rails versions prior to 3.2.18

Ruby on Rails versions prior 4.0.x to 4.0.5

Ruby on Rails versions prior 4.1.x to 4.1.1

Threat Level

Medium

Overview

A directory traversal vulnerability has been reported in "implicit render" functionality in Ruby on Rails which could be exploited by a remote attacker to retrieve arbitrary files from the target system.

Description

This vulnerability exists due to improper sanitization of directory traversal character sequences by the action parameters used by the affected application when using globbing routes to send input to the ":action" parameter.

A remote unauthenticated attacker could exploit this vulnerability using specially crafted web request with such a directory traversal character sequence to the targeted system which could allow the attacker to conduct directory traversal attacks on the targeted system and disclose arbitrary files.